An Ontology for Vulnerability Lifecycle

Author

Wita, Ratsameetip ; Jiamnapanon, Nattanatch ; Teng-amnuay, Yunyong

Author_Institution

Center of Excellence in Software Eng., Chulalongkorn Univ., Bangkok, Thailand

fYear

2010

fDate

2-4 April 2010

Firstpage

553

Lastpage

557

Abstract

System vulnerability is a major cause of failures in complex systems. Relevancy analysis and ranking of vulnerability are important for system administrative work. Our research roadmap is to define a framework for prioritizing vulnerabilities based on relevancy gleaned on online information. In order to do that a systematic representation of knowledge is needed. In this paper, the relationship between lifecycle and characteristic of vulnerability-related information are defined and used in building the Vulnerability Lifecycle Ontology (VLO). VLO is further enriched by standardized naming scheme, vulnerability database, taxonomy, and related documents from the Internet. VLO will be used as the knowledge base in the vulnerability relevancy framework.

Keywords

ontologies (artificial intelligence); security of data; software maintenance; Internet; complex systems failures; online information; relevancy analysis; standardized naming scheme; system vulnerability; systematic knowledge representation; taxonomy; vulnerability database; vulnerability lifecycle ontology; Data security; Databases; Informatics; Information analysis; Information security; Information technology; Internet; Ontologies; Software engineering; Taxonomy; CVE; Risk prioritization; Security management; Security related ontology; Vulnerability lifecycle;

fLanguage

English

Publisher

ieee

Conference_Titel

Intelligent Information Technology and Security Informatics (IITSI), 2010 Third International Symposium on

Conference_Location

Jinggangshan

Print_ISBN

978-1-4244-6730-3

Electronic_ISBN

978-1-4244-6743-3

Type

conf

DOI

10.1109/IITSI.2010.141

Filename

5453687